So far everything works great on http, working on https now. Even SSH and SNMP are working well. I've exported my cert from my IIS server and it's a .pfx file format. I renamed the file to .pem but was sure if that would work. When I launt squid with -N I get the following: Failed to acquire SSL certificate 'usr/local/squid/var/cert.pem' " error: 0906D06C: PEM routines: PEM_read_bio : no start line. I appeal to the Gods of Squid givth me the guidance. This is all I need to be done. -----Original Message----- From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] Sent: Monday, May 07, 2007 3:40 PM To: Jason Hitt Cc: Squid Users Subject: RE: FW: failure notice mån 2007-05-07 klockan 15:20 -0500 skrev Jason Hitt: > The viconnect FAQ still references the old http_accel lines. > http://viconnect.visolve.com/vic7/modules/knowledgebase/faqsearch.php? > productid=22&contentid=78&nodeid=squidn08&visid . The squid-cache FAQ > doesn't but doesn't make an sense to me > http://wiki.squid-cache.org/SquidFaq/ReverseProxy > > All I want to do is have a very basic vanilla https server reverse > proxied with Squid. I'll get the .pem cert but I can't even get squid > to start up as it is. Any help would be GREATLY appreciated. You'll need to give a cert (and key) to https_port. And if the origin server is also https then use the ssl option on cache_peer. Configuration is the same as for http, but with the changes above to use https instead of http.. so it's just https_port 443 cert=/path/to/cert.pem key=/path/to/cert_key.pem accel defaultsite=the.official.name cache_peer ip.of.webserver parent 443 0 no-query originserver ssl The certificate key needs to be stored unencrypted, or you will need to start Squid in foreground mode (-N option) to be able to enter the key encryption password. Regards Henrik
